Stack Eval

Look into the actual technology stack they use (seems to be Rails
based in this case) to make sure there aren't any potential snags
there

Ben took a quick look:
My main one [concern] here is the lack of any options for installation other
than Docker which makes no sense for a Rails application. Looking into
their Docker image installation script I see that they build both
Nginx and Imagemagick themselves (and stepping outside of package
repositories is generally a bad idea). Imagemagick is of grave concern
as this project has had numerous security advisories in the past and I
see the version they're using isn't the latest one. I have further
concerns for Nginx as they include a third party compression module,
Brotli, whose codebase hasn't been touched in 2 years (plus it's a
compression method, so you have the risk of CRIME/BREACH attacks).

Auth Options

Evaluate what support it has for authentication options (Identity
requires LDAP at the moment, but will move to OAuth2 at some point
using a custom API)

Data Import

Determine what's needed to import existing data we have

We have phpbb 3.0 which is supported to migrate from. There may be problems with custom mods adding custom stuff to the database (notably the OS/distro icon would not be migrated obviously).
It may be good to actually have a schema to look at. Also, hard to tell how well this will work in practice without giving it a try with an actual db dump from the production phpbb forum.

Structure

Ascertain how best to structure things to make it easy for
end-users to work with.

One would presume the structure could be very/entirely similar to what we have currently. Discourse offers a fairly similar view, scalable to many different subforums (e.g. https://discourse.ubuntu.com/). It may be wise to also revisit the overall structure and possibly merge some forums though.

Anti-Spam

Investigate what anti-spam options are available and how
maintainable any customisations we need to support KDE specific
workflows will be

There is also built-in monitoring which allows admins to view a list of "suspicious" users by applying a bunch of metrics to determine if a (new) user may be a spammer (/admin/users/list/suspect)

Discourse also has built-in screening capabilities where apparently all sorts of stuff can be used to block or mark posts for review. This at least includes originator IP (ranges), email addresses patterns and URL patterns.